Google patches two Android zero-days, 120 defects total in September security update | CyberScoop<\/title> <meta name=\"description\" content=\"The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/android-security-update-september-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Google patches two Android zero-days, 120 defects total in September security update\"> <meta property=\"og:description\" content=\"The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/android-security-update-september-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-03T15:45:04+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-03T15:45:06+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1756821995g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85822\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85822\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fandroid-security-update-september-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fandroid-security-update-september-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85822 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/android-security-update-september-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.965517241379\">\n<div class=\"single-article__header-content\" readability=\"35.072916666667\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-september-2025\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85822\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"446\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update.jpg?resize=640%2C446&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Workers enter a building on the Google headquarters campus on July 23, 2025, in Mountain View, California.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg 5180w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=300,209 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=768,535 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=1024,714 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=1536,1070 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=2048,1427 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=600,418 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=241,168 241w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=484,337 484w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=969,675 969w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-2.jpg?resize=1210,843 1210w\" sizes=\"(max-width: 969px) 100vw, 969px\"><figcaption> Workers enter a building on the Google headquarters campus on July 23, 2025, in Mountain View, California. (Justin Sullivan\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"19.960700389105\"><body readability=\"40.648597242035\"><\/p>\n<p>Google warned that two actively exploited zero-day vulnerabilities affecting Android devices have been patched in its <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2025-09-01\">September security update<\/a>, which addresses 120 software defects total. <\/p>\n<p>The zero-days \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-38352\">CVE-2025-38352<\/a> affecting the kernel and <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-48543\">CVE-2025-48543<\/a> affecting Android Runtime \u2014 are both high-severity defects that don\u2019t require user interaction for exploitation and could lead to escalation of privilege with no additional execution privileges needed. Google said there are indications that both of the vulnerabilities may be under limited, targeted exploitation.<\/p>\n<p>Google hasn\u2019t included an actively exploited defect in its monthly batch of patches since May. The total number of vulnerabilities disclosed this month is also the highest this year. <\/p>\n<p>The Android security update contains two patch levels \u2014 2025-09-01 and 2025-09-05 \u2014 allowing Android partners to address common vulnerabilities on different devices.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Third-party Android device manufacturers release security patches on their own schedule after they\u2019ve customized operating system updates for their specific hardware.<\/p>\n<p>The primary security update contains one critical vulnerability affecting the system component, <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-48539\">CVE-2025-48539<\/a>, which could lead to remote code execution. The first patch level also addresses 29 vulnerabilities in the framework, 28 in the system, one defect affecting Widevine DRM components and nine Google Play system updates.<\/p>\n<p>The second patch includes fixes for three vulnerabilities affecting the kernel, three Arm components defects, 10 Imagination Technologies bugs and four vulnerabilities affecting MediaTek components. The update also addresses <a href=\"https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/september-2025-bulletin.html\">32 vulnerabilities affecting Qualcomm components<\/a>, including 27 closed-source components. <\/p>\n<p>Three of the vulnerabilities affecting Qualcomm\u2019s proprietary components \u2014 CVE-2025-21450, CVE-2025-21483 and CVE-2025-27034 \u2014 are designated as critical.<\/p>\n<p>Google said source code patches for all vulnerabilities addressed in this month\u2019s security update will be released to the Android Open Source Project repository by Thursday.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.8336909871245\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/android-security-update-september-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google patches two Android zero-days, 120 defects total in September<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2491,4951,78,387,3414,3036,310,2281,703],"tags":[2493,4952,86,391,3416,3038,311,2283,705],"class_list":["post-7957","post","type-post","status-publish","format-standard","hentry","category-android","category-arm","category-cybersecurity","category-google","category-mediatek","category-qualcomm","category-technology","category-vulnerability","category-vulnerability-disclosure","tag-android","tag-arm","tag-cybersecurity","tag-google","tag-mediatek","tag-qualcomm","tag-technology","tag-vulnerability","tag-vulnerability-disclosure"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/android\/\" rel=\"category tag\">Android<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/arm\/\" rel=\"category tag\">ARM<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mediatek\/\" rel=\"category tag\">MediaTek<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/qualcomm\/\" rel=\"category tag\">Qualcomm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a>","tag_info":"vulnerability disclosure","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7957","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7957"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7957\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7957,"date":"2025-09-03T10:45:04","date_gmt":"2025-09-03T15:45:04","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85822"},"modified":"2025-09-03T10:45:04","modified_gmt":"2025-09-03T15:45:04","slug":"google-patches-two-android-zero-days-120-defects-total-in-september-security-update","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/03\/google-patches-two-android-zero-days-120-defects-total-in-september-security-update\/","title":{"rendered":"Google patches two Android zero-days, 120 defects total in September security update"},"content":{"rendered":"